It’s based upon a not-so-current version of Laravel Homestead. I switched it to the debian/jessie64 base box, and added an init shell script. The init script will run every time you run vagrant provision, so I have carefully crafted the script to ensure it will not break things when run multiple times.
When developing web applications that use APIs, it is usually necessary to have the development site accessible for API callback URLs. A good example would be when working with payment gateway systems, which typically post back success or failure of transactions. In this event it is convenient to use HTTP authorisation to prevent outside access (users, crawlers, etc.). The issue with this is that API systems don’t always work with the http://[user]@[password]:[url] method of manually passing through this authentication method.
I have been trying to disable the server signature for a while, but I found that turning off the ServerSignature directive didn’t work for all servers. The signature might read something like:
Apache/2.2.X (Ubuntu) mod_ssl/2.X.X OpenSSL/0.X.X
If your server exposes this information, it’s easier for an attacker to compromise a system based on flaws in a particular server software version (especially if your server software is allowed to become outdated, or your distribution is slow to release security updates). By default, it will display this on error pages in plain text, and also present it as a Server header on every request.
To disable completely, you should set the following directives in your Apache configuration:
ServerSignature Off ServerTokens Prod
Making your site as cache-able as possible is vital to ensure a smooth browsing experience. WordPress in it’s basic form is quite efficient, when you compare it to code-bases such as Magento. Adding functionality such as plug-ins, media, themes and widgets all have a negative effect on performance. As part of the process of making this domain as efficient as possible, a number of caching techniques have been considered and employed.